GDB Usage Notes
Published: 2019-06-14


Reference: http://sunyongfeng.com/201506/programmer/tools/gdb.html

I have added some material on top of the original article (2019.06.02).


Introduction

GDB, the GNU Debugger, in brief:

  • GDB offers a full range of debugging features: it can trace a running program and halt it at chosen points. The user can inspect and modify the program's internal variables, and can even call functions outside the program's normal flow of execution.
  • GDB supports most processor architectures.
  • It is under continuous development.
  • It supports remote debugging.
  • It supports kernel debugging via KGDB.

In two years of embedded software development I have used GDB mainly for the following:

  1. Inspecting and modifying variables at run time;
  2. Multi-thread debugging: checking what each thread is doing (for instance, to find out whether a thread is hung waiting for a lock);
  3. Examining files;
  4. Tracking down hard memory-corruption bugs: using breakpoints and hardware watchpoints to see when memory changes and so locate whoever is writing it.

To quote a technical expert at my company: in a large project, single-stepping and software watchpoints in GDB are impractical, because they make the program run far too slowly.

Command cheat sheet:

At the Linux prompt:
  1. Attach GDB to a running process, or open a core file:
     gdb executable corefile
     gdb -p pid

At the GDB prompt:
  1. View the call stack: bt / backtrace / bt full, frame n, info locals, info args
  2. View and set variables: p var, p var = newvalue, set var = newvalue
  3. Examine memory: x/nfu address
  4. Thread debugging: info thread, thread n, thread apply all bt full

Starting GDB

GCC option

To debug with GDB, compile with GCC's -g option.

Starting GDB

The main ways to start GDB are:

  • gdb
  • gdb executable_file
  • gdb executable_file corefile: inspect a core dump to find what caused it and where it was triggered.
  • gdb attach pid: debug a running process or thread; the same as gdb -p pid

Make use of help

At the GDB prompt, help and help command print the help text for commands.

(gdb) help
List of classes of commands:

aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without stopping the program
user-defined -- User-defined commands

Type "help" followed by a class name for a list of commands in that class.
Type "help all" for the list of all commands.
Type "help" followed by command name for full documentation.
Type "apropos word" to search for commands related to "word".
Command name abbreviations are allowed if unambiguous.

Viewing the call stack

A simple example (illustrative only, not rigorous):

#include <stdio.h>
#include <stdbool.h>
#include <unistd.h>
#include <pthread.h>
#include <assert.h>
#include <sys/prctl.h>

typedef struct {
    int member_a;
    int member_b;
} test_t;

int g_int;
bool g_bool;
char *g_str[] = { "Hello, GDB!", "It's funny." };

/* Loop forever so there is always a live frame to inspect. */
void stay_here(int arg, test_t *test)
{
    int local;

    local = 100;
    while (true) {
        local++;
        if (local % 200 == 0) {
            local = 0;
        }
        sleep(1);
    }
    return;
}

/* Each thread names itself "test-n" so that it can be found with ps -eL. */
void *thread_process(void *arg)
{
    int in;
    char name[64];

    in = (int)arg;
    (void)snprintf(name, 64, "test-%d", in + 1);
    prctl(PR_SET_NAME, (unsigned long)name); /* set thread name */
    while (true) {
        sleep(2);
    }
    return NULL;
}

void create_thread(void)
{
    int i, rv;
    pthread_t tid;

    for (i = 0; i < 5; i++) {
        rv = pthread_create(&tid, NULL, thread_process, (void *)i);
        assert(rv == 0);
    }
}

int main(int argc, char **argv)
{
    int local;
    test_t test;

    local = 999;
    test.member_a = 10;
    test.member_b = 11;
    create_thread();
    stay_here(local, &test);
    return 0;
}

Compile and run it, remembering gcc's -g option. The & runs the program in the background; [1] 8043 gives the process id it was started with, which can also be found with ps.

sunnogo@a3e420:~/test/gdb$ gcc -o prt_mod_var prt_mod_var.c -g -Wall -lpthread
sunnogo@a3e420:~/test/gdb$ ls
prt_mod_var  prt_mod_var.c
sunnogo@a3e420:~/test/gdb$ ./prt_mod_var &
[1] 8043
sunnogo@a3e420:~/test/gdb$ ps -e | grep prt_mod_var
 8043 pts/1    00:00:00 prt_mod_var

Next, attach to the running process with gdb -p 8043. I still haven't figured out why my machine requires root privileges for GDB to attach to the process.

sunnogo@a3e420:~/test/gdb$ gdb -p 8043
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see: .
Attaching to process 8043
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.
(gdb) quit

Re-enter the process with sudo gdb -p pid.
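The error message names the cause: Yama's ptrace_scope sysctl, which Ubuntu sets to 1, lets an unprivileged process attach only to its own descendants, so a same-user gdb -p on an unrelated process fails with EPERM until GDB runs with CAP_SYS_PTRACE (sudo) or the scope is lowered to 0. The restriction exists because anyone who can attach can read and rewrite the target's memory, as the sections below show. The following C program is an added example, not part of the original post: it models the attach decision for each scope value and reads the live setting; the uids in it are constructed values.

```c
#include <stdio.h>
#include <sys/types.h>
/* One attach attempt, as the kernel sees it. */
struct attach_req {
    int   scope;              /* /proc/sys/kernel/yama/ptrace_scope: 0..3 */
    uid_t tracer_uid;         /* uid of the gdb process */
    uid_t target_uid;         /* uid of the process being attached to */
    int   target_dumpable;    /* 0 for setuid/setgid or PR_SET_DUMPABLE=0 targets */
    int   tracer_is_ancestor; /* gdb is a parent or ancestor of the target */
    int   tracer_has_cap;     /* gdb holds CAP_SYS_PTRACE, e.g. run via sudo */
};

/* Returns 1 if PTRACE_ATTACH would be permitted, 0 if it fails with
 * EPERM ("ptrace: Operation not permitted."). Models the documented
 * Yama semantics; assumes no other LSM and no PR_SET_PTRACER grant. */
int yama_allows_attach(const struct attach_req *r)
{
    if (r->scope == 3)                      /* 3: no attach at all, root included */
        return 0;
    if (r->scope == 2)                      /* 2: admin-only */
        return r->tracer_has_cap;
    /* scopes 0 and 1 start from the classic check: same uid and the
     * target is dumpable, or the tracer has CAP_SYS_PTRACE */
    int classic = r->tracer_has_cap ||
                  (r->tracer_uid == r->target_uid && r->target_dumpable);
    if (!classic)
        return 0;
    if (r->scope == 1)                      /* 1: restricted, descendants only */
        return r->tracer_has_cap || r->tracer_is_ancestor;
    return 1;                               /* 0: classic */
}

/* Live value on this machine; -1 if the file is absent (Yama not built
 * in, which behaves like scope 0). */
int read_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

int main(void)
{
    int scope = read_ptrace_scope();
    /* same-uid gdb -p on an unrelated process, as in the session above */
    struct attach_req r = { scope < 0 ? 0 : scope, 1000, 1000, 1, 0, 0 };
    printf("ptrace_scope=%d: gdb -p by the same user %s\n", scope,
           yama_allows_attach(&r) ? "is allowed" : "fails with EPERM; use sudo");
    return 0;
}
```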

  • Use bt to see the current call stack (the chain of function calls). Here the process got where it is via main() -> sleep() -> nanosleep() -> __kernel_vsyscall(), one level at a time. Note the "#number" entries: in GDB these are called stack frames, or simply frames; the run-time stack consists of one or more consecutive frames, and the smaller the number, the deeper the call level.
  • Use bt full to see the detailed call stack, which includes each frame's arguments and local variables. bt is short for backtrace; GDB's full commands usually have such a short form.

Note: in GDB, pressing Enter on an empty line repeats the previous command.

Keep an eye on the "No symbol table info available." lines below; they come up again in the section on GCC's -g option at the end.

sunnogo@a3e420:~/test/gdb$ sudo gdb -p 8043
[sudo] password for sunnogo:
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see: .
Attaching to process 8043
Reading symbols from /home/sunnogo/test/gdb/prt_mod_var...done.
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb7751424 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7751424 in __kernel_vsyscall ()
#1  0xb7640ce0 in nanosleep () from /lib/i386-linux-gnu/libc.so.6
#2  0xb7640aff in sleep () from /lib/i386-linux-gnu/libc.so.6
#3  0x0804845b in stay_here (arg=999, test=0xbf8e5118) at prt_mod_var.c:26
#4  0x08048492 in main (argc=1, argv=0xbf8e51c4) at prt_mod_var.c:41
(gdb) bt full
#0  0xb7751424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7640ce0 in nanosleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#2  0xb7640aff in sleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#3  0x0804845b in stay_here (arg=999, test=0xbf8e5118) at prt_mod_var.c:26
        local = 113
#4  0x08048492 in main (argc=1, argv=0xbf8e51c4) at prt_mod_var.c:41
        local = 999
        test = {member_a = 10, member_b = 11}

  • Use frame n to select frame "#n". By default it shows the function name, its arguments, the source file and line where execution currently is, and that line of code.
  • Use info to see detailed frame information. info is not a complete command on its own; it takes a subcommand. It has many of them: beyond the current frame they cover the process and the system, so what is shown here is only the tip of the iceberg.
    • info frame shows the current frame
    • info args shows the arguments
    • info local shows the local variables

(gdb) frame 3
#3  0x0804845b in stay_here (arg=999, test=0xbf8e5118) at prt_mod_var.c:26
26              sleep(1);
(gdb) info frame
Stack level 3, frame at 0xbf8e5100:
 eip = 0x804845b in stay_here (prt_mod_var.c:26); saved eip 0x8048492
 called by frame at 0xbf8e5130, caller of frame at 0xbf8e50d0
 source language c.
 Arglist at 0xbf8e50f8, args: arg=999, test=0xbf8e5118
 Locals at 0xbf8e50f8, Previous frame's sp is 0xbf8e5100
 Saved registers:
  ebx at 0xbf8e50f4, ebp at 0xbf8e50f8, eip at 0xbf8e50fc
(gdb) info args
arg = 999
test = 0xbf8e5118
(gdb) info local
local = 113
(gdb)

Inspecting and modifying variables

p var prints a variable; p is short for print.

  • p var
  • p *(pointer-type)address
  • p *struct_pointer
  • p array_name

# print a variable
(gdb) p g_int
$3 = 0
(gdb) p g_bool
$4 = false
# print through a typed pointer
(gdb) info local
local = 113
(gdb) p &local
$11 = (int *) 0xbf8e50ec
(gdb) p *(int *) 0xbf8e50ec
$12 = 113
# print a struct pointer
(gdb) p test
$1 = (test_t *) 0xbf8e5118
(gdb) p *test
$2 = {member_a = 10, member_b = 11}
# print an array
(gdb) p g_str
$5 = {0x8048538 "Hello, GDB!", 0x8048544 "It's funny."}
(gdb) p g_str[0]
$6 = 0x8048538 "Hello, GDB!"

print can set a variable as well as show one: print var=value

Variables can also be set with set: set var=value. (set var name=value is the unambiguous spelling, since set also has subcommands of its own.)

# set an int
(gdb) print local
$1 = 109
(gdb) print local=20
$2 = 20
(gdb) print local
$3 = 20
(gdb) set local=30
(gdb) print local
$4 = 30
# set a bool
(gdb) print g_bool
$5 = false
(gdb) set g_bool=true
No symbol "true" in current context.
(gdb) set g_bool=1
(gdb) print g_bool
$6 = true
# set a pointer
(gdb) print g_str
$7 = {0x8048538 "Hello, GDB!", 0x8048544 "It's funny."}
(gdb) set g_str[0]="SETTING VAR"
(gdb) print g_str
$8 = {0x8e05008 "SETTING VAR", 0x8048544 "It's funny."}
(gdb)

Examining memory

examine, abbreviated x, examines memory. Syntax:

x/nfu address

n, f and u are optional; their meaning is as follows:

(gdb) help x
Examine memory: x/FMT ADDRESS.
ADDRESS is an expression for the memory address to examine.
FMT is a repeat count followed by a format letter and a size letter.
Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),
  t(binary), f(float), a(address), i(instruction), c(char) and s(string).
Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
The specified number of objects of the specified size are printed
according to the format.

Defaults for format and size letters are those previously used.
Default count is 1.  Default address is following last thing printed
with this command or "print".

  • n is the number of units to print; the default is 1, and the unit is given by u;
  • f is the output format, one of:
    • o, octal;
    • x, hex;
    • d, decimal;
    • u, unsigned decimal;
    • t, binary;
    • f, float;
    • a, address;
    • i, instruction;
    • c, char;
    • s, string.
  • u is the unit size: b is 1 byte, h is 2 bytes, w is 4 bytes, g is 8 bytes.

# The CPU here is an Intel i3, little-endian
# print in decimal
(gdb) x/8db test
0xbf8e5118:  10  0  0  0  11  0  0  0
(gdb) x/4dh test
0xbf8e5118:  10  0  11  0
(gdb) x/2dw test
0xbf8e5118:  10  11
(gdb) x/2d test
0xbf8e5118:  10  11
(gdb) x/1dg test
0xbf8e5118:  47244640266      # compare with the result of x/1xg test
# print in binary
(gdb) x/1tg test
0xbf8e5118:  0000000000000000000000000000101100000000000000000000000000001010
(gdb) x/2tw test
0xbf8e5118:  00000000000000000000000000001010  00000000000000000000000000001011
(gdb) x/4th test
0xbf8e5118:  0000000000001010  0000000000000000  0000000000001011  0000000000000000
(gdb) x/8tb test
0xbf8e5118:  00001010  00000000  00000000  00000000  00001011  00000000  00000000  00000000
# print in hexadecimal
(gdb) x/8xb test
0xbf8e5118:  0x0a  0x00  0x00  0x00  0x0b  0x00  0x00  0x00
(gdb) x/4xh test
0xbf8e5118:  0x000a  0x0000  0x000b  0x0000
(gdb) x/2xw test
0xbf8e5118:  0x0000000a  0x0000000b
(gdb) x/1xg test
0xbf8e5118:  0x0000000b0000000a
# print characters or a string
(gdb) x/30cb g_str[0]
0x8048538:  72 'H'  101 'e'  108 'l'  108 'l'  111 'o'  44 ','  32 ' '  71 'G'
0x8048540:  68 'D'  66 'B'  33 '!'  0 '\000'  73 'I'  116 't'  39 '\''  115 's'
0x8048548:  32 ' '  102 'f'  117 'u'  110 'n'  110 'n'  121 'y'  46 '.'  0 '\000'
0x8048550:  1 '\001'  27 '\033'  3 '\003'  59 ';'  56 '8'  0 '\000'
(gdb) x/s g_str[0]
0x8048538:  "Hello, GDB!"
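To make the little-endian layout behind these outputs concrete, here is an added example (not code from the original post) that re-implements the subset of x/nfu used above (formats d, x and t; sizes b, h, w and g) over the same {10, 11} struct, so that 47244640266 and 0x0000000b0000000a can be reproduced and checked in C. The g_test and g_out names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int member_a; int member_b; } test_t;

/* Constructed sample: the struct gdb examined above. Its bytes read
 * 0a 00 00 00 0b 00 00 00 only because the host is little-endian. */
test_t g_test = { 10, 11 };
char g_out[160];                         /* scratch buffer for callers */
/* Assemble `size` bytes at p as a little-endian integer, as gdb does
 * for an x86 inferior. */
static uint64_t read_le(const unsigned char *p, int size)
{
    uint64_t v = 0;
    for (int i = size - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}
/* gdb-style x/<count><fmt><size> over addr: fmt d (signed decimal),
 * x (zero-padded hex) or t (binary); size b/h/w/g. Units are written
 * space separated into out. Returns chars written, -1 on error. */
int x_format(char *out, size_t outlen, const void *addr,
             int count, char fmt, char size_letter)
{
    static const char sizes[] = "bhwg";
    const char *s = size_letter ? strchr(sizes, size_letter) : NULL;
    if (!s) return -1;
    int size = 1 << (int)(s - sizes), bits = size * 8;  /* b=1 .. g=8 */
    const unsigned char *p = addr;
    size_t used = 0;
    for (int i = 0; i < count; i++, p += size) {
        uint64_t u = read_le(p, size);
        char buf[72]; int n;
        if (fmt == 'x') {
            n = snprintf(buf, sizeof buf, "0x%0*llx", size * 2,
                         (unsigned long long)u);
        } else if (fmt == 'd') {           /* sign-extend to the unit width */
            int64_t sv = (int64_t)(u << (64 - bits)) >> (64 - bits);
            n = snprintf(buf, sizeof buf, "%lld", (long long)sv);
        } else if (fmt == 't') {
            for (n = 0; n < bits; n++)
                buf[n] = ((u >> (bits - 1 - n)) & 1) ? '1' : '0';
            buf[n] = '\0';
        } else {
            return -1;
        }
        if (used + (size_t)n + (i > 0) >= outlen) return -1;
        if (i > 0) out[used++] = ' ';
        memcpy(out + used, buf, (size_t)n + 1);
        used += (size_t)n;
    }
    return (int)used;
}
```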

Viewing thread information

There are two ways to get into a thread for debugging:

  • Name the threads, use ps to list the parent process's threads and obtain the tid, then start GDB on it;
  • Start GDB on the parent process directly, use info thread to list all threads, find GDB's internal number n for the thread you want, and use thread n to switch to that thread's call stack.

Getting at a thread directly

The example above creates 5 threads and uses prctl to name each one "test-n".

The tids of the newly created threads can therefore be listed with ps -eL | grep test (or by grepping for the test process's pid), and gdb -p tid then attaches to that thread. Here we attach to thread number 4.

sunnogo@a3e420:~/test/gdb$ gcc -o test test.c -g -Wall -lpthread
sunnogo@a3e420:~/test/gdb$ ./test &
[2] 16427
sunnogo@a3e420:~/test/gdb$ ps -eL | grep test
16427 16427 pts/1    00:00:00 test
16427 16428 pts/1    00:00:00 test-1
16427 16429 pts/1    00:00:00 test-2
16427 16430 pts/1    00:00:00 test-3
16427 16431 pts/1    00:00:00 test-4
16427 16432 pts/1    00:00:00 test-5
sunnogo@a3e420:~/test/gdb$ sudo gdb -p 16431
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see: .
Attaching to process 16431
warning: process 16431 is a cloned process
Reading symbols from /home/sunnogo/test/gdb/test...done.
Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb774f424 in __kernel_vsyscall ()
(gdb) bt full
#0  0xb774f424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7623d06 in nanosleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#2  0xb7623aff in sleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#3  0x080485ee in thread_process (arg=0x3) at test.c:46
        in = 3
        name = "test-4", '\000'
#4  0xb771cd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0xb765abae in clone () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
(gdb)

Getting at a thread indirectly

Compare this with the previous method: the first one is considerably more convenient. That in turn shows how important it is to give every thread a name.

sunnogo@a3e420:~/test/gdb$ sudo gdb attach 16427
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see: .
attach: No such file or directory.
Attaching to process 16427
Reading symbols from /home/sunnogo/test/gdb/test...done.
Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...(no debugging symbols found)...done.
[New LWP 16432]
[New LWP 16431]
[New LWP 16430]
[New LWP 16429]
[New LWP 16428]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb774f424 in __kernel_vsyscall ()
(gdb) info thread
  Id   Target Id                                Frame
  6    Thread 0xb7568b40 (LWP 16428) "test-1"  0xb774f424 in __kernel_vsyscall ()
  5    Thread 0xb6d67b40 (LWP 16429) "test-2"  0xb774f424 in __kernel_vsyscall ()
  4    Thread 0xb6566b40 (LWP 16430) "test-3"  0xb774f424 in __kernel_vsyscall ()
  3    Thread 0xb5d65b40 (LWP 16431) "test-4"  0xb774f424 in __kernel_vsyscall ()
  2    Thread 0xb5564b40 (LWP 16432) "test-5"  0xb774f424 in __kernel_vsyscall ()
* 1    Thread 0xb75696c0 (LWP 16427) "test"    0xb774f424 in __kernel_vsyscall ()
(gdb) thread 3
[Switching to thread 3 (Thread 0xb5d65b40 (LWP 16431))]
#0  0xb774f424 in __kernel_vsyscall ()
(gdb) bt full
#0  0xb774f424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7623d06 in nanosleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#2  0xb7623aff in sleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#3  0x080485ee in thread_process (arg=0x3) at test.c:46
        in = 3
        name = "test-4", '\000'
#4  0xb771cd4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0xb765abae in clone () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
(gdb) q
A debugging session is active.

        Inferior 1 [process 16427] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/sunnogo/test/gdb/test, process 16427
sunnogo@a3e420:~/test/gdb$
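The comparison above rests on thread names being visible in ps -eL and info thread. The kernel keeps them in a 16-byte comm field, so PR_SET_NAME silently truncates anything longer than 15 characters, and a long, descriptive name can end up indistinguishable from its siblings. The following is an added example, not from the original post: it names the calling thread the way the sample program does and reads back what the kernel kept, both through PR_GET_NAME and through /proc/thread-self/comm, which is where ps gets the name. The two names used are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

#define COMM_LEN 16   /* kernel TASK_COMM_LEN: 15 characters plus NUL */

/* Names the calling thread as the sample program does (prctl(PR_SET_NAME))
 * and reads back what the kernel stored. Returns the stored name, or
 * NULL if either prctl call fails. */
const char *set_and_read_name(const char *wanted)
{
    static char got[COMM_LEN];
    if (prctl(PR_SET_NAME, (unsigned long)wanted, 0, 0, 0) != 0)
        return NULL;
    memset(got, 0, sizeof got);
    if (prctl(PR_GET_NAME, (unsigned long)got, 0, 0, 0) != 0)
        return NULL;
    return got;
}

/* Reads the same field through /proc/thread-self/comm, the source of the
 * names ps -eL and gdb's info thread print. NULL if /proc is unavailable. */
const char *read_proc_comm(void)
{
    static char comm[COMM_LEN + 1];
    FILE *f = fopen("/proc/thread-self/comm", "r");
    if (!f || !fgets(comm, sizeof comm, f)) {
        if (f) fclose(f);
        return NULL;
    }
    fclose(f);
    comm[strcspn(comm, "\n")] = '\0';   /* drop the trailing newline */
    return comm;
}

/* 1 if a name survives PR_SET_NAME intact, 0 if the kernel truncates it. */
int name_fits(const char *wanted)
{
    return strlen(wanted) < COMM_LEN;
}

int main(void)
{
    /* constructed names: the sample program's "test-4" and a longer one */
    const char *names[] = { "test-4", "worker-connection-pool-1" };
    for (int i = 0; i < 2; i++) {
        const char *got = set_and_read_name(names[i]);
        const char *comm = read_proc_comm();
        printf("%-26s -> comm \"%s\" (/proc says \"%s\")%s\n", names[i],
               got ? got : "?", comm ? comm : "?",
               name_fits(names[i]) ? "" : "  truncated: ps and gdb show only this");
    }
    return 0;
}
```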

Viewing all thread stacks

thread apply all bt full prints the stack of every thread; with many threads this can scroll the screen for a moment.

Calling functions from GDB

call func_name(param1, param2, ...). I still haven't worked out how to pass a struct as an argument. Note that this only works in a live process context; it cannot be used on a core dump.

Allocating memory from GDB

p malloc(size) returns a pointer that can then be used as normal. Again, this only works in a live process context, not on a core dump. For example:

(gdb) p malloc(4)
[New Thread 0x693ff460 (LWP 2033)]
[Switching to Thread 0xb6101000 (LWP 1456)]
$1 = (void *) 0xb58d01e0    <---- use this returned pointer.

Viewing registers

info reg

First write any test.c; a simple hello world will do.

Compile: gcc -g test.c -o test (note: the -g flag must be present, otherwise no debugging symbol table is generated)
Load: gdb test
(a line such as Reading symbols from Desktop/test/test...done. shows the load succeeded)
Now start debugging.
Enter info reg (this prints The program has no registers now.)
At this point a breakpoint is needed and the program has to be run; otherwise there is no stack to inspect.
Set a breakpoint: b line-number (choose the line number according to the program)
Run: r
View the registers: info reg

Disassembling in GDB

Once the executable has been loaded with gdb program_name, GDB's disassembly commands can be used to debug it. The common ones are:

       (1) Set the disassembly syntax to Intel
       GDB disassembles in AT&T syntax by default; show disassembly-flavor shows the current setting. If you prefer Intel syntax, use
       set disassembly-flavor intel.
       (2) The disassemble command: disas/disass/disassemble
       Function: displays the machine code in memory as instruction mnemonics.
       Syntax: disas/disass/disassemble function-name|start-address[,end-address]
       Example:
       disas main displays the assembly of the main function

Setting breakpoints

Set a breakpoint: b line-number (choose the line number according to the program)

Monitoring memory

GDB provides awatch, rwatch and watch to monitor changes to a variable or memory location during debugging.

awatch
  awatch [expr]
  stop when the program reads or writes expr
rwatch
  rwatch [expr]
  stop when the program reads expr
watch
  watch [expr]
  stop when the program writes expr
Note: expr can be a variable or a memory address

Effect of GCC options on GDB

Effect of GCC's -g option

Referring back to the session above: if the program is compiled without -g, frame 3 also shows "No symbol table info available." (no symbol table information is available), and the global g_str cannot be printed properly either.

(gdb) bt full
#0  0xb77a3424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7692ce0 in nanosleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#2  0xb7692aff in sleep () from /lib/i386-linux-gnu/libc.so.6
No symbol table info available.
#3  0x08048462 in main ()
No symbol table info available.
(gdb) p g_str
$1 = 134513928
(gdb) p g_str[0]
cannot subscript something of type `'
(gdb) p g_bool
$2 = 0
(gdb)

Reprinted from: https://www.cnblogs.com/schips/p/10736612.html
